OpenSolaris

Bug ID 6579866
Synopsis [tcde] cannot launch terminal in non-root administrative role workspace
State 10-Fix Delivered (Fix available in build)
Category:Subcategory xserver:xorg-server
Keywords s10patch-approved
Responsible Engineer Alan Coopersmith
Reported Against s10u4_11
Duplicate Of
Introduced In solaris_nevada
Commit to Fix snv_73
Fixed In snv_73
Release Fixed solaris_nevada(snv_73) , solaris_10u5(s10u5_01) (Bug ID:2152117)
Related Bugs 6691332
Submit Date 12-July-2007
Last Update Date 27-August-2007
Description
s10u4_11 x86 32 bit xserver on system console.
This problem:
1. does not occur on sparc
2. does not occur on x86 sunray DTU
3. occurs on x86 system console, both on systems configured for sunray and on systems which are not configured for sunray.

Using smc, created a role e.g. role01 with system administrator rights.
Ensure the role's $HOME has the correct ownership assignments.
See bug 6579845 [tcde- smc] $HOME ownership incorrect when administrative role created
Using smc, create a user e.g. zone-test1 with clearance e.g. set to restricted.
In smc assign role01 to zone-test1.

drwxr-x---   4 zone-test1 staff        512 Jul 12 12:42 zone-test1
drwxr-x---   3 role01   sysadmin     512 Jul 12 12:42 role01

zone-test1::::idlecmd=lock;labelview=showsl;idletime=60;roles=role01;type=normal;lock_after_retries=no;clearance=0x0004-08-78
role01::::profiles=System Administrator;labelview=internal,showsl;type=role;lock_after_retries=no;min_label=ADMIN_LOW;clearance=ADMIN_HIGH

bash-3.00# ps -ef | grep Xorg
zone-tes  4328   814   0 12:42:17 ?           0:01 /usr/X11/bin/Xorg :0 -depth 24 -nobanner -auth /var/dt/A:0-75aWLb
    root  4756  3597   0 12:47:53 pts/3       0:00 grep Xorg
bash-3.00# file /usr/X11/bin/Xorg
/usr/X11/bin/Xorg:      ELF 32-bit LSB executable 80386 Version 1, dynamically linked, not stripped

Login as zone-test1 on system console.
In public label launch dtterm - ok
In restricted label launch dtterm - ok
Assume 'role01' - enter password.
Attempt to launch a dtterm in the role01 workspace - nothing happens.
Attached /export/home/role01/.dt/startlog
ps -ef | grep xagent | grep -v grep  shows :-
zone-tes  4640  4635   0 12:42:42 ?           0:00 /usr/dt/bin/tsolxagent
zone-tes  4553  4547   0 12:42:30 ?           0:00 /usr/dt/bin/tsolxagent


Logout zone-test1.
Login zone-test1 on sunray DTU on same system.
In public label launch dtterm - ok
In restricted label launch dtterm - ok
Assume 'role01' - enter password.
Attempt to launch a dtterm in the role01 workspace - dtterm launches.
bash-3.00# ps -ef | grep xagent | grep -v grep
zone-tes  5467  5445   0 13:28:57 ?           0:00 /usr/dt/bin/tsolxagent
zone-tes  5487  5481   0 13:28:57 ?           0:00 /usr/dt/bin/tsolxagent
  role01  5567  5563   0 13:29:10 ?           0:00 /usr/dt/bin/tsolxagent
Also happens in Nevada 71(x86 Xorg).
Work Around
Try disabling access control for the Xorg server. This can be done by using the command xhost + in the global zone (as root) with the DISPLAY set to :0.

Then try switching to role01.
The workaround is to create a file to permit TCP connections coming from the local host. This is done by creating a file called /etc/X0.hosts and adding a single line containing the global zone's hostname.
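
The /etc/X0.hosts workaround above, written as an idempotent shell function. This is an added example, not part of the original bug report; the function name ensure_xhosts_entry and the host name characters it accepts are assumptions of the example, and it relies on a POSIX grep (on Solaris 10, /usr/xpg4/bin/grep).

```shell
#!/bin/sh
# Added example (not from the bug report): apply the /etc/X0.hosts workaround
# without duplicating entries or damaging lines that are already in the file.
#
# ensure_xhosts_entry FILE HOST
#   Makes sure HOST appears on a line of its own in FILE.
#   Returns 0 if the entry is present afterwards, 1 on I/O error,
#   2 if HOST is empty or is not a plain host name.
ensure_xhosts_entry() {
    xh_file=$1
    xh_host=$2

    # Accept only letters, digits, dots and hyphens, so that an empty value
    # (for example from a failed hostname lookup) or a stray "+" is rejected
    # instead of being written into the access list.
    case $xh_host in
        ''|*[!A-Za-z0-9.-]*)
            echo "ensure_xhosts_entry: invalid host name '$xh_host'" >&2
            return 2 ;;
    esac

    # Create the file if it does not exist yet.
    if [ ! -e "$xh_file" ]; then
        : > "$xh_file" || return 1
    fi

    # Already listed as a whole line (-x), compared literally (-F): done.
    if grep -qxF -- "$xh_host" "$xh_file"; then
        return 0
    fi

    # If the last line has no trailing newline, add one first so the new
    # entry is not glued onto the previous host name.
    if [ -s "$xh_file" ] && [ -n "$(tail -c 1 "$xh_file")" ]; then
        printf '\n' >> "$xh_file" || return 1
    fi

    printf '%s\n' "$xh_host" >> "$xh_file" || return 1
    # World-readable, writable by the owner only.
    chmod 644 "$xh_file" || return 1
    return 0
}

# Typical use in the global zone, as root:
#   ensure_xhosts_entry /etc/X0.hosts "$(hostname)"
```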
Comments
N/A